문의하기

In the last several weeks, many of you have likely heard about the new security threat that involves the ability to exploit common features of modern CPUs. These attacks, known as “Meltdown” and “Spectre” can impact both bare metal and virtual servers. Red Hat Virtualization has added the “IBRS Family” of CPUs to the supported Cluster CPU type as a means to help protect against the IPRS and IBPM attacks that would result in guest attacks.

NOTE: The first step towards protecting your Red Hat Virtualization environment is to update all components to the latest version. RHV and/or RHEL hosts should be updated, Red Hat Virtualization Manager should be updated, and all guests should be updated.

The feature outlined below is available starting in Red Hat Virtualization 4.1.9 with the use of Intel Nehalem and newer CPUs, when the appropriate microcode is applied to the host(s). After updating the environment and then the Red Hat Virtualization Cluster CPU type to use a IBRS CPU Type (Spectre Variant 2 protection), all VMs in that cluster need to be stopped & started.

In the screenshots below we see the information displayed for a VM, with the guest CPU highlighted. The Intel Broadwell (IBRS) family is indicated,

In this next screenshot, the hypervisor host kernel sysfs settings are highlighted, specifically regarding PTI (Meltdown), IBPB and IBRS (Spectre):

In this last screenshot, the host CPU type is highlighted - an IBRS family model capable of protecting guests using this type against in-guest attacks:

For more information on Meltdown and Spectre, please see this tutorial. For additional information on how to update Red Hat Virtualization to protect against Meltdown and Spectre, please see this knowledge base article.

Hope this helps,

Captain KVM


Red Hat logoLinkedInYouTubeFacebookTwitter

제품

체험, 구매 & 영업

커뮤니케이션

Red Hat 소개

Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.

Red Hat Shares 뉴스레터를 구독하세요

지금 신청하기

언어 선택